Defeating Nation State Actors Stalking the Health Care Sector
Session #76, February 12, 2019
Brigadier General (ret.) Greg Touhill, President, Cyxtera Federal Group

Conflict of Interest
Gregory Touhill, CISSP, CISM
Has no real or apparent conflicts of interest to report.

Salary: Confidential under Cyxtera policy
Royalty: N/A
Receipt of Intellectual Property Rights/Patent Holder: N/A
Consulting Fees (e.g., advisory boards): N/A
Fees for Non-CME Services Received Directly from a Commercial Interest or their Agents (e.g., speakers’ bureau): N/A
Contracted Research: N/A
Ownership Interest (stocks, stock options or other ownership interest excluding diversified mutual funds): N/A
Other:

Agenda
Discuss the current cyber threat environment.
Tactics, techniques, and procedures used by nation state actors and cyber criminal groups to threaten organizations.
Why the health care environment is at high risk.
What the health care sector should do to better manage its risk.

Learning Objectives
Recognize the current cyber threat environment and most common cyber threat vectors to the health care sector
Identify best practices to implement the cyber risk framework to better manage cyber risk
Apply taxonomies presented to assess organizational cyber risk exposure
Categorize and prioritize information and assess best practices to develop strategies that are effective, efficient and secure
Decide how to apply best practices presented to improve current cyber strategy and programs to better manage risk

“What do I have that would possibly interest a nation state actor?”
Health Care Executive, HITRUST Conference, April 25, 2016

OPM said the same thing…
Photo: Susan Walsh, Associated Press. https://www.nextgov.com/cybersecurity/2015/07/why-lawsuit-against-opm-over-massive-data-breach-faces-uphill-battle/116701/

Health Sector Key Cyber Terrain
Patient Data: Medical, Financial, Family, Patient History, Provider Records, etc.
Information Technology Systems: Exquisite capabilities that choreograph and manage the best health care the world has ever seen
Intellectual Property: Trade secrets that include proprietary systems and products. Examples: new tools, devices, pharma, etc.
Research and Development: AI, new medications, techniques, tools, etc.

Is this guy interested in your information?
Photo: https://www.bodylanguagesuccess.com/2017/04/nonverbal-communication-analysis-no_15.html

Iranians are increasingly capable and active cyber threats
Photo: https://www.fbi.gov/wanted/cyber/iranian-mabna-hackers
Photo: https://www.defenseone.com/technology/2016/03/why-military-cant-go-after-iran-hacking-your-dam/126945/

Who may be interested in patient records?
Photo: https://www.theguardian.com/world/2006/jul/07/russia.bbc

China’s Five Year Plan is Both a Roadmap and a Warning

“Side Hustle” Criminals

Make no mistake: You are a target!

Pop Quiz: Do Nation State Actors Rely on Zero-Day Exploits?

How would I attack you?
Lockheed Martin Cyber Kill Chain

91% of breaches start with a phishing attack

Greg’s advice on how to defeat the nation state actors hunting you

Adopt a Zero Trust Strategy
(Because Trust is Assumed and Misplaced)

Rethink access control: User name & password isn’t good enough.

Multi-factor authentication is essential

Wake Up: TCP/IP is a weak security foundation
TCP/IP: Connect First, Authenticate Second
1. All resources are visible
2. Connect
3. Authenticate
Software-Defined Perimeter: Authenticate First, Connect Second
1. Authenticate
2. Connect
3. Only authorized resources visible

Retire Ancient VPNs and Implement Software Defined Perimeter Technology
Unclog Firewall Congestion

Segment? No. Micro-Segment!
Create a “Segment of One”
1:1 ENCRYPTED NETWORK SEGMENT
PROTECTED RESOURCES: Cloud, Hybrid or On-Premises

Whitelist

Leverage Powerful Automation to Detect and Thwart Fraud
Monitor attack vectors relentlessly
Take control of your email channel with DMARC
Get actionable data and use it
Expedite attack takedown
Increase visibility of targeted threats

Guard Your Back Door

Be Careful Flying Into Clouds

Think ahead: Artificial Intelligence is a coveted health attack surface

Questions
Brigadier General (ret.) Greg Touhill
Greg.Touhill@Cyxtera.com
https://www.linkedin.com/in/gregorytouhill/
Please take a moment to complete the online session evaluation